Then you might want to be aware that you may be selling on some of your data with it, even after a factory reset.
A paper on Security Analysis of Android Factory Resets by Laurent Simon and Ross Anderson is based on a study of ‘the implementation of Factory Reset on 21 Android smartphones from 5 vendors running Android versions v2.3.x to v4.3.’ They believe that:
…up to 500 million devices may not properly sanitise their data partition where credentials and other sensitive data are stored, and up to 630M may not properly sanitise the internal SD card where multimedia files are generally saved. We found we could recover Google credentials on all devices presenting a flawed Factory Reset.
Anderson’s own blog also points out that this calls into question the ability of security software to guarantee the effectiveness of a remote wipe of a stolen phone if the software relies on a faulty factory reset, an issue explored in more detail in the paper Security Analysis of Consumer-Grade Anti-Theft Solutions Provided by Android Mobile Anti-Virus Apps.
Hat tip to Randy Knobloch, who flagged an article by Liam Tung that brought the papers to my attention.
Small Blue-Green World